Vulnerabilities > Exposure of System Data to an Unauthorized Control Sphere

DATE CVE VULNERABILITY TITLE RISK
2024-12-11 CVE-2023-23472 IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
network
high complexity
CWE-497
3.1
3.1
2024-12-03 CVE-2024-25035 Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Cognos Controller 11.0.0/11.0.1
IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks.
network
low complexity
ibm CWE-497
5.3
5.3
2024-11-22 CVE-2024-41781 IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC.
high complexity
CWE-497
5.1
5.1
2024-11-12 CVE-2024-36509 Exposure of System Data to an Unauthorized Control Sphere vulnerability in Fortinet Fortiweb
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.
local
low complexity
fortinet CWE-497
4.4
4.4